syzbot


KMSAN: uninit-value in aes_encrypt

Status: closed as invalid on 2018/06/27 14:58
Subsystems: crypto
First crash: 2436d, last: 2436d
Similar bugs (4)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KMSAN: uninit-value in aes_encrypt (5) ext4 | C | | | 145 | 30m | 224d | 0/28 | upstream: reported C repro on 2024/04/28 10:32 |
| upstream | KMSAN: uninit-value in aes_encrypt (4) net | C | | | 15041 | 335d | 1550d | 0/28 | auto-obsoleted due to no activity on 2024/03/19 00:25 |
| upstream | KMSAN: uninit-value in aes_encrypt (2) crypto | C | | | 52 | 1843d | 1872d | 0/28 | closed as dup on 2019/11/19 02:55 |
| upstream | KMSAN: uninit-value in aes_encrypt (3) crypto | C | | | 2 | 1604d | 1604d | 0/28 | closed as invalid on 2020/07/22 14:12 |

Sample crash report:
==================================================================
BUG: KMSAN: uninit-value in aes_encrypt+0x4d34/0x5990 crypto/aes_generic.c:1356
CPU: 0 PID: 3570 Comm: syzkaller681771 Not tainted 4.16.0+ #82
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x185/0x1d0 lib/dump_stack.c:53
 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067
 __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:676
 aes_encrypt+0x4d34/0x5990 crypto/aes_generic.c:1356
 crypto_cipher_encrypt_one include/linux/crypto.h:1568 [inline]
 crypto_cbcmac_digest_update+0x393/0x530 crypto/ccm.c:899
 crypto_shash_update crypto/shash.c:117 [inline]
 shash_ahash_update crypto/shash.c:239 [inline]
 shash_async_update+0x290/0x360 crypto/shash.c:247
 crypto_ahash_update include/crypto/hash.h:522 [inline]
 gcm_hash_update crypto/gcm.c:235 [inline]
 gcm_hash_remain crypto/gcm.c:242 [inline]
 gcm_hash_crypt_continue crypto/gcm.c:316 [inline]
 gcm_hash_assoc_remain_continue crypto/gcm.c:346 [inline]
 gcm_hash_init_continue crypto/gcm.c:402 [inline]
 gcm_hash+0x184f/0x24a0 crypto/gcm.c:430
 gcm_encrypt_continue crypto/gcm.c:455 [inline]
 crypto_gcm_encrypt+0xa13/0xaf0 crypto/gcm.c:484
 _aead_recvmsg include/crypto/aead.h:370 [inline]
 aead_recvmsg+0x25b5/0x2960 crypto/algif_aead.c:334
 sock_recvmsg_nosec net/socket.c:803 [inline]
 sock_recvmsg+0x1d0/0x230 net/socket.c:810
 ___sys_recvmsg+0x3fb/0x810 net/socket.c:2205
 __sys_recvmsg net/socket.c:2250 [inline]
 SYSC_recvmsg+0x298/0x3c0 net/socket.c:2262
 SyS_recvmsg+0x54/0x80 net/socket.c:2257
 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x3d/0xa2
RIP: 0033:0x445789
RSP: 002b:00007f58ddf79da8 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
RAX: ffffffffffffffda RBX: 00000000006dac24 RCX: 0000000000445789
RDX: 0000000000000000 RSI: 0000000020001440 RDI: 000000000000000c
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000006dac20
R13: b7db545ced0cb6b3 R14: e581e305b075070a R15: 0000000000000006

Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:278 [inline]
 kmsan_save_stack mm/kmsan/kmsan.c:293 [inline]
 kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:684
 __msan_chain_origin+0x69/0xc0 mm/kmsan/kmsan_instr.c:521
 __crypto_xor+0x95f/0x16b0 crypto/algapi.c:1020
 crypto_xor include/crypto/algapi.h:210 [inline]
 crypto_cbcmac_digest_update+0x287/0x530 crypto/ccm.c:893
 crypto_shash_update crypto/shash.c:117 [inline]
 shash_ahash_update crypto/shash.c:239 [inline]
 shash_async_update+0x290/0x360 crypto/shash.c:247
 crypto_ahash_update include/crypto/hash.h:522 [inline]
 gcm_hash_update crypto/gcm.c:235 [inline]
 gcm_hash_assoc_remain_continue crypto/gcm.c:344 [inline]
 gcm_hash_init_continue crypto/gcm.c:402 [inline]
 gcm_hash+0x8b5/0x24a0 crypto/gcm.c:430
 gcm_encrypt_continue crypto/gcm.c:455 [inline]
 crypto_gcm_encrypt+0xa13/0xaf0 crypto/gcm.c:484
 _aead_recvmsg include/crypto/aead.h:370 [inline]
 aead_recvmsg+0x25b5/0x2960 crypto/algif_aead.c:334
 sock_recvmsg_nosec net/socket.c:803 [inline]
 sock_recvmsg+0x1d0/0x230 net/socket.c:810
 ___sys_recvmsg+0x3fb/0x810 net/socket.c:2205
 __sys_recvmsg net/socket.c:2250 [inline]
 SYSC_recvmsg+0x298/0x3c0 net/socket.c:2262
 SyS_recvmsg+0x54/0x80 net/socket.c:2257
 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x3d/0xa2
Uninit was stored to memory at:
 kmsan_save_stack_with_flags mm/kmsan/kmsan.c:278 [inline]
 kmsan_save_stack mm/kmsan/kmsan.c:293 [inline]
 kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:684
 __msan_chain_origin+0x69/0xc0 mm/kmsan/kmsan_instr.c:521
 __crypto_xor+0x95f/0x16b0 crypto/algapi.c:1020
 crypto_xor_cpy include/crypto/algapi.h:229 [inline]
 ctr_crypt_final arch/x86/crypto/aesni-intel_glue.c:479 [inline]
 ctr_crypt+0x432/0x4f0 arch/x86/crypto/aesni-intel_glue.c:521
 crypto_skcipher_encrypt include/crypto/skcipher.h:443 [inline]
 simd_skcipher_encrypt+0x221/0x320 crypto/simd.c:77
 crypto_skcipher_encrypt include/crypto/skcipher.h:443 [inline]
 crypto_gcm_encrypt+0x53e/0xaf0 crypto/gcm.c:483
 _aead_recvmsg include/crypto/aead.h:370 [inline]
 aead_recvmsg+0x25b5/0x2960 crypto/algif_aead.c:334
 sock_recvmsg_nosec net/socket.c:803 [inline]
 sock_recvmsg+0x1d0/0x230 net/socket.c:810
 ___sys_recvmsg+0x3fb/0x810 net/socket.c:2205
 __sys_recvmsg net/socket.c:2250 [inline]
 SYSC_recvmsg+0x298/0x3c0 net/socket.c:2262
 SyS_recvmsg+0x54/0x80 net/socket.c:2257
 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x3d/0xa2
Local variable description: ----keystream.i@ctr_crypt
Variable was created at:
 ctr_crypt+0x4a/0x4f0 arch/x86/crypto/aesni-intel_glue.c:504
 crypto_skcipher_encrypt include/crypto/skcipher.h:443 [inline]
 simd_skcipher_encrypt+0x221/0x320 crypto/simd.c:77
==================================================================

Crashes (2):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2018/04/08 10:58 | https://github.com/google/kmsan.git master | e2ab7e8abba4 | 66f22a7f | .config | console log | report | syz | C | | | ci-upstream-kmsan-gce | |
| 2018/04/08 10:31 | https://github.com/google/kmsan.git master | e2ab7e8abba4 | 66f22a7f | .config | console log | report | | | | | ci-upstream-kmsan-gce | |
* Struck through repros no longer work on HEAD.